An important feature of trusted execution environments (“TEEs”) is the ability to interrupt an application executed by the TEE in a timely and secure manner in order to handle hardware or software interrupt events. In many cases, an interrupt event is handled by a non-trusted OS compartment, in which case a special hardware path may be used to securely save the TEE state and exit the TEE (e.g. the INTEL® Software Guard Extensions, “SGX”, Asynchronous Exit).
Some solutions handle interrupt events within a TEE by making the hardware enter a special “secure mode” upon the occurrence of particular interrupts, e.g. INTEL® Secure Management Mode (“SMM”) entered via an INTEL® System Management Interrupt (“SMI”), or an ARM® TRUSTZONE® secure interrupt dispatched into the TRUSTZONE® Monitor.
These, however, require dispatch by a common trusted runtime, such as the TRUSTZONE® Monitor or INTEL® SMM, which introduces processing time inefficiencies, context switch overhead, and security problems. For example, a context switch may be unnecessary when the system is already executing in the correct compartment. Security problems can arise, for example, when a TEE is controlled by multiple and/or distributed stakeholders, since a single shared runtime then sits in the trust boundary of every stakeholder.
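The overhead argument above can be made concrete with a small model. The following is an added example, not part of the original text and not a model of any real SGX, SMM or TRUSTZONE® implementation: it compares routing every interrupt through a common monitor compartment against dispatching directly to the compartment that owns the interrupt vector, counting the compartment switches each strategy performs. The vector-to-owner policy, the compartment names and the interrupt sequence are all constructed for the illustration; an interrupt whose vector has no registered owner, or whose owner differs from the compartment that ends up handling it, is rejected rather than dispatched.

```python
"""Toy model of interrupt dispatch in a compartmentalised TEE (constructed example).

Two strategies are compared:
  * "monitor": every interrupt first enters a common trusted runtime
    ("monitor"), which then switches into the owning compartment and back.
  * "direct":  the interrupt is delivered straight to the owning compartment;
    a switch happens only when the currently running compartment is not the owner.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Tuple

# Constructed routing policy: interrupt vector -> compartment allowed to handle it.
POLICY: Dict[int, str] = {
    32: "untrusted_os",  # event handled by the non-trusted OS compartment
    48: "tee_a",         # event owned by one TEE compartment
    49: "tee_b",         # event owned by a second, separately controlled compartment
}


@dataclass
class Dispatcher:
    current: str                           # compartment currently executing
    policy: Dict[int, str]                 # vector -> owning compartment
    switches: int = 0                      # compartment switches performed so far
    trace: List[Tuple[int, str]] = field(default_factory=list)  # (vector, handler)

    def _switch_to(self, compartment: str) -> None:
        # A switch only costs something when the target differs from the current compartment.
        if compartment != self.current:
            self.switches += 1
            self.current = compartment

    def _owner_of(self, vector: int) -> str:
        owner = self.policy.get(vector)
        if owner is None:
            raise PermissionError(f"vector {vector} has no registered owner")
        return owner

    def _handle(self, vector: int) -> None:
        # Defensive check: the handler must run in the compartment the policy names.
        if self.policy.get(vector) != self.current:
            raise PermissionError(f"vector {vector} handled in wrong compartment {self.current}")
        self.trace.append((vector, self.current))

    def via_monitor(self, vector: int) -> None:
        """Common-runtime dispatch: always enter the monitor before the owner."""
        owner = self._owner_of(vector)
        entry = self.current
        self._switch_to("monitor")
        self._switch_to(owner)
        self._handle(vector)
        self._switch_to(entry)      # resume whatever was interrupted

    def direct(self, vector: int) -> None:
        """Direct dispatch: switch only if the owner is not already running."""
        owner = self._owner_of(vector)
        entry = self.current
        self._switch_to(owner)      # no-op when already in the owning compartment
        self._handle(vector)
        self._switch_to(entry)


def count_switches(strategy: str, start: str, vectors: Sequence[int]) -> int:
    """Run a sequence of interrupts under one strategy and return the switch count."""
    d = Dispatcher(current=start, policy=POLICY)
    deliver = d.via_monitor if strategy == "monitor" else d.direct
    for v in vectors:
        deliver(v)
    return d.switches


def is_rejected(vector: int, start: str = "tee_a") -> bool:
    """True if the dispatcher refuses a vector that has no registered owner."""
    d = Dispatcher(current=start, policy=POLICY)
    try:
        d.direct(vector)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed workload: mostly events owned by the compartment already running.
    workload = [48, 48, 32, 49]
    for strategy in ("monitor", "direct"):
        print(strategy, "switches:", count_switches(strategy, "tee_a", workload))
    print("unknown vector rejected:", is_rejected(99))
```

With the workload above, starting in `tee_a`, the monitor-based path performs 10 compartment switches while direct dispatch performs 4: the two interrupts already owned by the running compartment cost nothing under direct dispatch, which is exactly the unnecessary context switch the text describes.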
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.